Talk to a Security Expert Now: (800) 721-9177

Finding the Needle in the NBEstack

I’m a huge fan of the Nessus vulnerability scanner.  It’s got plug-ins for anything you could ask for, runs great in a Linux environment, and outputs a ton of information (thanks to thousands and thousands of checks).  While all that information is a good thing, sometimes you are just looking for specific issues or findings across a network.  A quick way I like to strip out interesting information is grepping through the output files for certain Nessus ID’s.  Here is a quick list of interesting plug-ins:

  • 16314 – Lists suspicious and unwanted software.
  • 36217 – Detection of the Conficker worm.
  • 23938 – Locates Cisco routers with missing / default passwords.
  • 38153 – A nice summary of missing Microsoft patches.
  • 11936 – Identification details about the machines OS.
  • 10673 – Locates SQL servers with default / blank SA accounts.
  • 10396 – Details about SMB shares.
  • 23910 – Locates modified HOSTS files – can be an indication of a virus or malware.

To search for these, I usually do a quick grep nessus-id *.nbe and then use cut with custom delimiters to filter out the IP addresses and other pertinent information.

Related Posts

A bad Apple…

This week iPad owners had their emails leaked via a security vulnerability in the way…

Defcon: Advanced Format String Attacks

Format string attacks remain difficult in both software and hackademic exercises as the techniques have not improved since their discovery. This session demonstrates advanced format string attack techniques designed to automate the process from creation to compromise as well as incorporate those techniques into the Metasploit framework. The audience is encouraged to bring a basic understanding of format string attacks in order to leave the presentation with the tools necessary to never write one again.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top